oss-sec mailing list archives
CVE-2009-1191: mod_proxy_ajp information disclosure vulnerability
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 23 Apr 2009 11:11:22 -0600
This is just a heads up about an information disclosure vulnerability in mod_proxy_ajp, similar to the issue in mod_jk (CVE-2008-5519). This only affects mod_proxy_ajp in httpd 2.2.11; prior versions do not have this problem. The issue was caused by the following patch: http://svn.apache.org/viewvc?view=rev&revision=711779 The patch that will be applied to httpd 2.2.12 is here: http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff More information can be found in our bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1191 This would only affect earlier versions of Apache if you had backported the problem patch to earlier versions. --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE-2009-1191: mod_proxy_ajp information disclosure vulnerability Vincent Danen (Apr 23)